12 matches found
CVE-2026-56130
"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...
EUVD-2026-39229
"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...
EUVD-2019-10588
Malware in sbrugna...
GHSA-Q4CQ-R7HG-PXQQ Improper Authentication in Jenkins
A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled...
UBUNTU-CVE-2021-39210
GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie when a user uses the "remember me" feature is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue ...
Design/Logic Flaw
An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices, may access the system's administration modem...
CVE-2019-20032
CVE-2019-20032 affects Aspire-derived NEC PBXes (SV8100, SV9100, SL1100, SL2100). A local attacker who has access to an InMail voicemail box with the find me/follow me feature can reach the system’s administration modem. The case describes no details on the root cause beyond the feature interplay...
Bookme Control Panel Cross-Site Scripting Vulnerability
Bookme Control Panel is an online booking plugin for use in WordPress. A cross-site scripting vulnerability exists in the Customers 'Book Me' feature in version 2.0 of Bookme Control Panel, which stems from the program failing to filter user-submitted input. A remote attacker can exploit this...
Intel Confirms Its Much-Loathed ME Feature Has A Kill Switch
Researchers at Positive Technologies forced Intel’s hand at revealing that a previously undocumented kill switch exists for its oft-criticized Intel Management Engine, a remote management component of Intel CPUs. Initially, Positive Technologies set out to disable the feature that some security...
CVE-2016-4437
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...
CVE-2016-4437
Apache Shiro before 1.2.5, when a cipher key has not been configured for the “remember me” feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. Recent assessments: sv3nbeast at April 17, 2020 12:15pm UTC reported: ...
PT-2016-3363
Name of the Vulnerable Software and Affected Versions Apache Shiro versions prior to 1.2.5 Description The issue is related to the "remember me" feature in Apache Shiro, where the lack of a configured cipher key allows remote attackers to execute arbitrary code or bypass intended access...